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WHAT IS CLAIMED IS: 

1 . A method for controlling access to a document, comprising: 
determining an access right for a user; 

building a member definition using the access right and associating the member definition 
with the user; and 

linking the member definition to a portion of a document. 

2. The method of claim 1, further comprising: 
receiving a request from a user to access the document; 
comparing the request with the access right; and 

allowing access to the document in accordance with the access right. 

3. The method of claim 2, wherein the allowing access allows access only to the portion of 
the document. 

4. The method of claim 1, further comprising adding a new user to the document. 

5 . The method of claim 1 , further comprising removing a member from the document. 

6. The method of claim 1 , further comprising: 

storing the member definition remotely from the document. 

7. The method of claim 1 , further comprising: 
storing the member definition in the document. 

8. The method of claim 1, further comprising: 
encrypting the document; and 

linking the member definition with a public key and a private key. 



13 



Attorney Docket No.; 26530.92 (IDR-671) 
Customer No. 27683 



9. The method of claim 1, further comprising: 
determining a second access right for the user; 

building a second member definition using the second access right; and 
linking the second member definition to a second portion of a document. 

10. The method of claim 9, wherein the first portion of the document and the second portion 
of the document are different. 

11. A system for controlling access to a document, comprising: 
a document comprising a first data and a second data; 

a first member definition associated with the first data, wherein the first member 
definition contains a first user identifier and a first access right for a first user for the first data; 

a second member definition associated with the second data, wherein the second member 
definition contains a second user identifier and a second access right for a second user for the 
second data; and 

an access controller that receives a request from the first user for access to the document, 
wherein the access controller locates the first member definition and allows access to the 
document. 

12. The system of claim 11, wherein the access controller limits access to the document in 
accordance with the first access right and the second access right. 

13. The system of claim 11, wherein the first user identifier and the second user identifier 
identify the same user and the first access right and the second access right identify different 
access rights. 

14. The system of claim 11, wherein the first member definition contains a digital signature. 

15. The system of claim 11, wherein the first member definition and second member 
definition are stored remotely from the document. 
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16. The system of claim 11, wherein the first member definition and second member 
definition are stored in the document. 

17. The system of claim 11, wherein the document is a tagged document. 

18. The system of claim 11, wherein the document is an XML document. 

19. The system of claim 11, wherein the document is a text document. 

20. The system of claim 11, wherein the document is a binary document. 

21. A computer-readable medium comprising a plurality of instructions for execution by at 
least one computer processor, wherein the instructions are for: 

determining a first access right for a first user and a second access right for a second user; 
building a first member definition using the first access right, a first user identifier, and a 
first digital signature; 

building a second member definition using the second access right, a second user 
identifier, and a second digital signature; 

linking the first member definition to a first portion of a document; 

linking the second member definition to a second portion of the document; 

storing the first member definition and second member definition remotely from the 
document; 

encrypting the document; 

receiving a request from a requester to access the document; 

based on the first user identifier and the second user identifier, determining the access 
right for the requester for the first portion of the document and the second portion of the 
document; and 

allowing access only to the document in accordance with the first access right and second 
access right. 
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